1902372 – Pidgin: OMEMO Security problem in lurch and libomemo: 12-byte IVs patch is missing

Bug 1902372 - Pidgin: OMEMO Security problem in lurch and libomemo: 12-byte IVs patch is missing

Summary: Pidgin: OMEMO Security problem in lurch and libomemo: 12-byte IVs patch is mi...

Keywords:
Status:	CLOSED EOL
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	pidgin-epel
Sub Component:
Version:	epel7
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Orphan Owner
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-11-28 07:46 UTC by Neustradamus
Modified:	2021-06-15 16:38 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-06-15 16:38:09 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Description Neustradamus 2020-11-28 07:46:12 UTC

Dear all,

There is a problem for Pidgin and OMEMO (to all current Fedora/RHEL version).

Pidgin is very very used and need a perfect comptability with all OMEMO clients.

Can you see for "lurch" and "libomemo" big problem?

Very important security point: There is a compatiblity problem with all OMEMO clients (E2E).

Can you quickly solve the needed libomemo with the missing 12-byte IVs patch?
- https://github.com/gkdr/libomemo/pull/27

Explaination:
- https://github.com/gkdr/libomemo/issues/24

Already solved in Alpine / Debian / AUR

Thanks in advance.

Regards,

Neustradamus

Comment 1 Carl George 🤠 2021-06-15 16:38:09 UTC

pidgin-epel is retired (see bug 1972323) because pidgin is in RHEL since 7.3.  If this is still an issue with the RHEL pidgin package, please file a bug under the RHEL7 product and pidgin component.

Note You need to log in before you can comment on or make changes to this bug.